2 matches found
CVE-2023-0073 Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0073
The CVE-2023-0073 entry concerns the WordPress plugin Client Logo Carousel (≤ 3.0.0). The connected documents confirm that the vulnerability arises because certain shortcode attributes are not validated or escaped before being echoed on a page, enabling Stored XSS via a contributor+ user. The PoC...